Note:
This app version is intended for Unified Security Exposure Management (USEM), a significant architectural upgrade to the Vulnerability Response applications.
If you are currently using Vulnerability Response and upgrading to USEM for the first time, you must use the Migration assistant for Unified Security Exposure Management to ensure a safe and successful upgrade. For full details, please refer to KB2556844 and the documentation before proceeding.
If you do not intend to upgrade to USEM, please select a version below 30.x when installing or upgrading.
Configuration Compliance exposes configuration-related security vulnerabilities that have the highest impact on business operations. It streamlines the remediation process across frequently isolated information security, IT operations, and business process stakeholders.
The Configuration Compliance application includes the following capabilities:
- Using the Tenable.io integration with Configuration Compliance (CC), identify configuration-related vulnerabilities on your assets to verify that your assets are in compliance with your policies and controls.
- Secure Configuration Assessment (SCA) ecosystem integration - ServiceNow Configuration Compliance unifies configuration assessment, assignment, and remediation across all of your assets. Configuration scanning content can be imported from leading SCA applications such as Qualys Policy Compliance (PC) and Tenable.io.
- Asset-centric prioritization - Focus your limited remediation resources on activities with the greatest risk reduction.
- Remediation workflow orchestration - Configuration findings can be grouped and routed based on remediation specialist skill set and areas of responsibility. Intelligent workflows and tight integration with change management provide smooth task handoffs between groups.
- Continuous monitoring for ServiceNow Governance, Risk, and Compliance (GRC) risk assessment and policy compliance - When CC is used with ServiceNow GRC, the configuration tests in Configuration Compliance can be rolled up to their corresponding GRC controls in ServiceNow GRC.
- Enhanced change management - Create pre-populated change requests for IT directly from Configuration Compliance to help you with your remediation tasks that require additional resources.
- Dashboards - View the remediation status metrics on the remediation tasks, compliance tests, and policy records.
New
- Added configurable uniqueness for Tenable compliance tests, allowing administrators to control how test results are identified and preventing unintended overwrites.
- Extended the split test results framework to support Tenable compliance integrations.
- IT Remediation Owners can now manually create Remediation Tasks directly from the Security Exposure Management workspace list view in Configuration Compliance.
- Added out-of-the-box query range access control lists (ACLs) to strengthen data access security in the Configuration Compliance application.
Changed
- The Create Change and Link Change Request actions now automatically activate or deactivate based on ITSM Advanced plugin availability.
- Improved the Exception Management experience, including risk reduction workflows and questionnaires.
Fixed
- Fixed issues that could generate duplicate Remediation Tasks during task splitting, vulnerable item reopening, task rejection, task reopening from an Under Investigation state, and single-finding scenarios.
- Fixed an issue where manually created Remediation Tasks without associated findings could remain stuck in a Resolved state and could not be closed.
- Fixed an issue where the approvers list on Vulnerability Response exception rules did not refresh correctly after an extension request, which could result in duplicate email notifications.
- Fixed an issue that could generate duplicate approval records when requesting an extension for a Configuration Test Result exception rule.
- Fixed an issue where delegated approvers could not view the vulnerable items associated with their approval assignments.
- Fixed email notification issues that could trigger duplicate emails during scheduled updates to auto-exception rules.
- Fixed an issue where Change Requests could not be created from Remediation Tasks when the user session date format used day-first ordering (dd/mm/yyyy or dd-mm-yyyy).
- Fixed an issue that could cause post-integration jobs for Configuration Compliance to fail with a script error.
- Reduced excessive text indexing on large Vulnerability Response tables during upgrades to newer platform versions.
- The Configuration Compliance application and its dependency plugins must be installed and activated.
- For more information on the Vulnerability Response and Configuration Compliance applications compatibility, see Vulnerability Response Compatibility Matrix and Release Schema Changes in the Supporting Links and Docs section on this page.
- The following Security Operations apps must be installed and activated:
  - Security Integration Framework
  - Security Support Common
  - Security Exposure Management (requires entitlement from the store)
- The Qualys Vulnerability Integration and the Tenable.io product in the Tenable Vulnerability Integration can be used with Configuration Compliance.
- For more information about these integrations and their compatibility with Configuration Compliance, see Vulnerability Response Compatibility Matrix and Release Schema Changes in the Supporting Links and Docs section on this page.
- Permissions and roles:
  - Roles required:
    - System Admin (admin) for installation
    - Configuration Compliance Admin (sn_vulc.admin) or admin for configuration